Обсуждение: No SPF record for postgresql.org?

I've been tinkering with setting up SPF-based filtering on my mail
server, and I was surprised to find out that most of the traffic
it would want to throw away is Postgres mailing list messages.
Why is it that there's no SPF record for postgresql.org?  I realize
that there's debate about how useful SPF actually is, but surely
that's not a reason not to publish an SPF entry.
        regards, tom lane

On 16 Oct 2016, at 19:28, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> 
> I've been tinkering with setting up SPF-based filtering on my mail
> server, and I was surprised to find out that most of the traffic
> it would want to throw away is Postgres mailing list messages.
> Why is it that there's no SPF record for postgresql.org?  I realize
> that there's debate about how useful SPF actually is, but surely
> that's not a reason not to publish an SPF entry.

As an extra data point, the lack of SPF and DKIM for postgresql.org
is a bit of a pain when using @postgresql.org email address too. :(

Especially to Yahoo email users.

Maybe thankfully, Yahoo might not be a problem for that much longer. ;)

+ Justin

--
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi

On Sun, Oct 16, 2016 at 8:29 PM, Justin Clift <justin@postgresql.org> wrote:
> On 16 Oct 2016, at 19:28, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>
>> I've been tinkering with setting up SPF-based filtering on my mail
>> server, and I was surprised to find out that most of the traffic
>> it would want to throw away is Postgres mailing list messages.
>
> As an extra data point, the lack of SPF and DKIM for postgresql.org
> is a bit of a pain when using @postgresql.org email address too. :(

I understand how SPF affects @postgresql.org addresses but I was under
the impression that it was no help for mailing list traffic since it's
being relayed so the ip address isn't going to match the records for
the sending domain anyways. For relayed traffic you need the verify
the DKIM signature (which is why it's important that the list not
modify the content).


-- 
greg

Greg Stark <stark@mit.edu> writes:
> I understand how SPF affects @postgresql.org addresses but I was under
> the impression that it was no help for mailing list traffic since it's
> being relayed so the ip address isn't going to match the records for
> the sending domain anyways.

No, I think you're confusing it with DKIM.  SPF checks to see whether
the sending machine is an authorized IP address for the domain of the
envelope FROM address --- which'd be the list itself.  For example,
the whine I'm getting about this message is

Received-SPF: none (sss.pgh.pa.us: domain of postgresql.org does not provide an SPF record) client-ip=217.196.149.56;
envelope-from=sss.pgh.pa.us@postgresql.org;helo=malur.postgresql.org; 

The original sender having been stark@mit.edu doesn't enter into it.
        regards, tom lane

Magnus Hagander <magnus@hagander.net> writes:
> SPF is a different beast. We have SPF set up for most of our
> non-postgresql.org domains, but we've been hesitant to touch the actual
> postgresql.org domain until we have separate out the list namespaces. It
> *should* be safe, but we just haven't wanted to touch it until we were
> certain. At least that's my recollection of it, Stefan might have more
> details.

OK, as long as there's a plan.  I'm going to whitelist postgresql.org
anyway, so it doesn't matter to me.  It just seemed like publishing
an SPF entry is an important part of don't-look-like-a-spammer these
days.
        regards, tom lane